mirror of
https://github.com/adulau/abstract-key-server.git
synced 2024-12-21 16:26:01 +00:00
41 lines
1.6 KiB
Markdown
41 lines
1.6 KiB
Markdown
# abstract-key-server (aks)
|
|
|
|
Abstract key server (aks) is a minimal PGP key server to support communities. aks is a kind of
|
|
read-only OpenPGP key server which is updated by some core administrators of a community. Those
|
|
core administrators can add other trusted aks server to provide lookup of other keys via their server.
|
|
|
|
This is a work-in-progress to solve specific problems in security and information sharing communities.
|
|
|
|
## Goals
|
|
|
|
- Minimal parsing of PGP packets (to reduce complexity and software dependencies)
|
|
- New keys are added via a specific vetted process (or at the discretion of the aks operator)
|
|
- AKS can connect to other trusted list to query unknown keys and there is no reconciliation protocol (by design)
|
|
- Standard HKP interface with `add` method disabled
|
|
- Simple interface to filter out known malicious or rogue PGP keys
|
|
- Fast and reliable
|
|
- Simple namespace to group keys in a set of known members (e.g. CSIRT, MISP sharing group, organisation)
|
|
|
|
# Requirements
|
|
|
|
- [ardb](https://github.com/yinqiwen/ardb) as storage back-end
|
|
- Python 3.6
|
|
- [Pgpy](https://github.com/SecurityInnovation/PGPy)
|
|
- redis python library
|
|
- Flask
|
|
|
|
## Back-end format (ardb)
|
|
|
|
| key type | key name | values |
|
|
|------------|------------------|---------------------|
|
|
| k/v | k:_fingerprint_ | armored PGP key |
|
|
| set | n:_namespace_ | set of fingerprints |
|
|
| set | un:_uid-name_ | set of fingerprints |
|
|
| set | uc:_uid-name_ | set of fingerprints |
|
|
| set | ue:_uid-name_ | set of fingerprints |
|
|
|
|
|
|
- un -> name in the UID
|
|
- uc -> comment in the UID
|
|
- ue -> email in the UID
|
|
|